Welcome to our

Cyber Security News Aggregator

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

First slide label

Some representative placeholder content for the first slide.

Second slide label

Some representative placeholder content for the second slide.

Third slide label

Some representative placeholder content for the third slide.

Taking A Look At PNG Files with pngdump.py Beta Version 0.0.3

published on 2022-09-25 20:10:41 UTC by Didier Stevens
Content:

Here’s a new beta version of my tool pngdump.py, a tool to analyze PNG files.

I took a look at all files on MalwareBazaar with a PNG tag, and made updates to pngdump.py to handle them.

I found 3 types of “PNG” files.

First, files spoofing PNG files: files that are not PNG files, but have a .png extension.

Like .exe and .rar files:

Second, valid PNG files with an appended payload:

Third, invalid PNG files. For example, PNG files with the right record structure, but where the Zlib compressed image is replaced by an RC4 encrypted payload (IcedID):

I also have other samples, but that’s for another blog post.

Beta version 0.0.3 is available on GitHub.

Article: Taking A Look At PNG Files with pngdump.py Beta Version 0.0.3 - published about 2 years ago.

https://blog.didierstevens.com/2022/09/25/taking-a-look-at-png-files-with-pngdump-py-beta-version-0-0-3/
Published: 2022 09 25 20:10:41
Received: 2022 09 25 20:28:16
Feed: Didier Stevens
Source: Didier Stevens
Category: Cyber Security
Topic: Cyber Security
Views: 1